Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Dr Watson

Briansstocks

Posted 13 April 2005 - 11:17 PM

Briansstocks

Member

Member

49 posts

Hello everyone,

This is the best site,I have followed all the instructions before posting.Unfortunately No luck,still having the same problem.So here the HiJackThis log.Ive seen the same problem posted before,hopefully one of you will be able to write a program to stop this for us less than computer savy people Logfile of HijackThis v1.99.1Scan saved at 12:13:41 AM, on 4/14/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Advertisements

don77

Posted 14 April 2005 - 10:23 PM

Hi Briansstocks and welcome, Sorry for the delay in reply but we have been a bit busy lately,

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzipAbout:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.AboutBuster MUST be updated before you use it.Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.

Please download and install AD-Aware.Check Here on how setup and use it - please make sure you update it first.

Download CW-Shredder at the link below:http://cwshredder.net/bin/CWSshtreder.exe://http://www.mytechsupport.ca/helpwit...CWSshtreder.exe

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"Click "Apply" then "OK"

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++

Important Step1. Go to Start->Run and type "Services.msc" (without quotes) then hit OkScroll down and find the service called:

” Remote Procedure Call “

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

5. Delete the following files if present:If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again. C:\WINNT\addfz32.dllC:\winnt\system32\elitemik32.exeC:\WINNT\System32\tibs3.exeC:\WINNT\sdkvf32.exeC:\WINNT\mfcns.exeC:\WINNT\ipxn.exe(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster . This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary FilesTemporary Internet FilesRecycle Bin

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Reboot into normal mode.

12. Download the Hoster from Here Press "Restore Original Hosts" and press "OK". Exit Program

13. Download and run this online virus scan:[url="http://housecall.trendmicro.com/housecall/start_corp.asp"]http://housecall.trendmicro.com/housecall/start_corp.aspMake sure you check "AutoClean"

Briansstocks

Posted 14 April 2005 - 10:59 PM

Briansstocks

Member

Topic Starter

Member

49 posts

I suck,lol

I dont seem to have an option of where to DL Buster,It is being DLed to my C drive but like the others I cant get to anything on the right side of my start screen to get to it.I unzipped it but cant get to it to start it and update it.

Briansstocks

Posted 14 April 2005 - 11:12 PM

Briansstocks

Posted 14 April 2005 - 11:36 PM

Briansstocks

Member

Topic Starter

Member

49 posts

Ok this time after trying several times restarting and all I unzip xphiddenzip but no Icon appears,Also An Icon <reflist.dll> has appeared on my desktop and if I click on it Dr. Watson freaks out and I have to restart.

don77

Posted 15 April 2005 - 04:45 PM

don77

Malware Expert

Retired Staff

18,526 posts

You'll be fine Brian,
Do this start running through the fix, when you get to the section on searching for and deleting the files,
Click>Start>Search>Files/Folders> Type the file you are seraching for> When it is found>Right click on it and chooes Delete,

Briansstocks

Posted 15 April 2005 - 06:28 PM

Briansstocks

Member

Topic Starter

Member

49 posts

Ok I messed something up big time,

I tried to disable the Remote procedure Call

There was 3 of them only 1 could be disabled,after doing so I rebooted
Unfortunately XP isnt like 98 and the safemode option isnt there,I thought it was where the computer boots up.I think I tried F2,
It was so fast that I keep trying to restart to see where it was.

Now the computer takes forever to start up and the tool bar is gone.
I can get it to come back but when I tried to sign online I keep getting a msg that AOL has detected an error in my connection and wants me to shutdown and retry.

don77

Posted 15 April 2005 - 07:17 PM

Briansstocks

Posted 15 April 2005 - 07:45 PM

Briansstocks

Member

Topic Starter

Member

49 posts

When I went back to the regular mode,after leaving safe mode,I had a box pop up saying I made changes to my configuration and to hit the general tab,It never told ne what general tab or where it was,now while im in normal XP mode it gives me a msg that it cant protect my computer at this time and to restart,and it just gives me the same MSG again.

Would zeroing out my hard drive and just reinstalling everything I have solve this whole mess?